Issued:
2021-03-09
Updated:
2021-03-09

RHSA-2021:0779 - Important: Red Hat Ansible Tower 3.7.5-1 - Container security and bug fix update

Synopsis

Important: Red Hat Ansible Tower 3.7.5-1 - Container security and bug fix update

Type/Severity

Security Advisory Important

Topic

Red Hat Ansible Tower 3.7.5-1 - RHEL7 Container

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Security Fix(es):

  • Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
  • Upgraded to a more recent version of autobahn to address CVE-2020-35678.
  • Upgraded to a more recent version of nginx to address CVE-2019-20372.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.
  • Improved analytics collection to collect the playbook status for all hosts in a playbook run

Solution

For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html

Affected Products

ProductVersionArch
Red Hat Ansible Automation PlatformText-Only Advisoriesx86_64

Fixes

CVEs

References

Additional information